> String id = request.getRequestedSessionId();
> if (null==id)
> {
> // there was no jsessionid in the request
> }
> else if (request.isRequestedSessionIdValid())
> {
> // there was a valid jsessionid in the request
> }
> else
> {
> // there was an invalid jsessionid in the request
> }
>
> In either case, a session object is always returned by
> request.getSession() and request.getSession(false). (Actually this was
> a surprise to me, because it seems that it is not possible to suppress
> creation of a new session where none exists by using
> getSession(false)....?)
>
By default:
1. getSession(true)!=null
2. getSession(false)!=null
But if a JSP page contains the tag <%@ page session="false" %>, then:
1. getSession(true)!=null
2. getSession(false)==null
For my case, sessions will only be created for logged-in users, therefore
I have to differentiate between browsers attempting to submit a expired
session ID vs browsers not submitting session ID at all.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
